That safe and secure Foxit plugin you use?

Subject: General Tech | January 14, 2013 - 02:00 PM |
Tagged: pdf, foxit, security, fud

The Register has some bad news about that PDF reader you prefer to Adobe's software, a new vulnerability which does not even stem from booby-trapped document but from a long link name.  It seems that you can cause a buffer overflow in Foxit simply by copying the entire URL into a fixed-sized buffer when the user clicks on a PDF which "pretty much lets you write to a memory location of your choice".  5.4.4.1128 and older version are vulnerable and we have yet to hear from the creators of Foxit.  Looks like no PDF reader is safe at this point.

foxit.JPG

"A new security bug in the popular Foxit PDF reader plugin for web browsers allows miscreants to compromise computers and install malware. There's no patch for this zero-day vulnerability.

Italian security researcher Andrea Micalizzi discovered that the latest version of the software crashes if users are tricked into clicking on an overly long web link. The plugin is kicked into action by the browser to handle the file and promptly bombs."

Here is some more Tech News from around the web:

Tech Talk

Source: The Register